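The Manifest Generation and Editing Tool (Mage.exe) is a command-line tool that supports creating and editing application and deployment manifests. As a command-line tool, Mage.exe can be run from both batch scripts and other Windows-based applications, including ASP.NET applications.
Tip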
When you sign a manifest file using mage, two signature units are consumed. This is because two hash signatures are created for different types of content within the manifest:
The first hash signature is generated for the manifest file itself.
The second hash signature is generated for the files referenced within the manifest.
This double-signing process ensures the integrity of both the manifest file and its referenced files, safeguarding against any tampering attempts.
Follow these instructions to sign directly using Mage and securely reference your private key stored in Software Trust Manager via our KSP library. Alternatively, integrate Mage with Signing Manager Controller (SMCTL) for simplified signing.
Download and configure Windows clients installer
Command options supported by Mage:
Shortcut | Parameter | Description |
---|---|---|
-s | -sign | Sign a file using a keypair or a certificate. |
-v | -verify | Verify that the manifest is signed correctly. This parameter cannot be combined with other commands. |
-a | -Algorithm | Specifies "sha256RSA" or "sha1RSA" as the algorithm to generate dependency digests with. |
-cf | -CertFile | Provide the path to the certificate you want to sign with. |
-ch | -CertHash | Provide the certificate hash or certificate fingerprint. |
-kc | -KeyContainer | Provide the keypair alias. |
-csp | -CryptoProvider | Specify "DigiCert Signing Manager KSP". |
-ti | -TimestampUri | Specify http://timestamp.digicert.com |
Note
When specifying a file you want to sign:
Provide only the name of the manifest file if the file is in the same location as where you are running the terminal.
Provide the path to the manifest file you want to sign if the file is in a different location than where you are running the terminal.
You can use one of the following methods to sign binaries with Mage:
Downloaded certificate and keypair alias
Certificate fingerprint
To sign, run:
mage -sign <file_name> -CertFile <file_name> -KeyContainer <keypair_alias> -CryptoProvider "DigiCert Signing Manager KSP" -a sha256RSA -TimestampUri http://timestamp.digicert.com
Command sample:
mage -sign example.exe.manifest -CertFile C:\Users\Name\Desktop\example.crt -KeyContainer key1 -CryptoProvider "DigiCert Signing Manager KSP" -a sha256RSA -TimestampUri http://timestamp.digicert.com
Sync the certificate, then provide the keypair alias and the path to the certificate file.
To sync the default certificate associated with the specified keypair alias:
smctl windows certsync --keypair-alias=<keypair alias>
Note
For more information refer to the Windows command manual.
To sign, run:
mage -sign <file_name> -CertHash <hash_or_cert_fingerprint> -TimestampUri http://timestamp.digicert.com
Command sample:
mage -sign example.exe.manifest -CertHash f39dbe6bcfaa43ca39585aa40ab0a19bf29991cb -TimestampUri http://timestamp.digicert.com
Note
You must be connected to the Internet when signing a manifest that specifies a -TimestampUri value.
To verify the signed file, run:
mage -verify <file_name>
Command sample:
mage -verify example.exe.manifest
Note
The verify command is only available in .NET Framework 4.7 and later versions.
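The dependency digests that -Algorithm controls are stored in the manifest as base64 DigestValue entries next to each referenced file. The following is an added example, not DigiCert or Microsoft code, that recomputes those digests from the files on disk so a stale or altered file is caught before the manifest is signed. It assumes the referenced files sit in the manifest's folder under the names recorded in it (no .deploy suffix); the function names and the trimmed sample manifest are constructed for illustration.

```python
import base64, hashlib, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ASM2 = "{urn:schemas-microsoft-com:asm.v2}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
REF_ATTR = {ASM2 + "file": "name", ASM2 + "dependentAssembly": "codebase"}

def b64_digest(algo, data):
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def check_manifest_digests(manifest_path):
    """Return {reference: status} for each hashed <file>/<dependentAssembly> entry."""
    base, results = Path(manifest_path).resolve().parent, {}
    for elem in ET.parse(manifest_path).getroot().iter():
        ref = elem.get(REF_ATTR.get(elem.tag, ""))
        method = elem.find(f"{ASM2}hash/{DSIG}DigestMethod")
        value = elem.find(f"{ASM2}hash/{DSIG}DigestValue")
        if ref is None or method is None or value is None:
            continue  # not a hashed file reference
        algo = method.get("Algorithm", "").rsplit("#", 1)[-1]  # e.g. "...xmldsig#sha256"
        target = (base / ref.replace("\\", "/")).resolve()
        if algo not in ("sha256", "sha1"):
            results[ref] = "unsupported-algorithm"
        elif base not in target.parents:
            results[ref] = "outside-manifest-dir"  # reference escapes the app folder
        elif not target.is_file():
            results[ref] = "missing"
        else:
            same = b64_digest(algo, target.read_bytes()) == (value.text or "").strip()
            results[ref] = "ok" if same else "mismatch"
    return results

def build_sample(folder):
    """Write a constructed, trimmed manifest and two payload files; return its path."""
    (Path(folder) / "App.exe").write_bytes(b"constructed payload")
    (Path(folder) / "App.exe.config").write_bytes(b"<configuration/>")
    good, old = (b64_digest("sha256", d) for d in (b"constructed payload", b"an older config"))
    entry = ('<{0} {1}="{2}"><hash><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/'
             'xmldsig#sha256"/><dsig:DigestValue>{3}</dsig:DigestValue></hash></{0}>')
    dep = entry.format("dependentAssembly", "codebase", "App.exe", good)
    stale = entry.format("file", "name", "App.exe.config", old)  # digest is out of date
    manifest = Path(folder) / "example.exe.manifest"
    manifest.write_text(f'<assembly xmlns="{ASM2[1:-1]}" xmlns:dsig="{DSIG[1:-1]}">'
                        f'<dependency>{dep}</dependency>{stale}</assembly>')
    return manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_manifest_digests(build_sample(tmp)))
```

Any status other than "ok" means the manifest no longer describes the files next to it and should be regenerated or investigated before running mage -sign.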